NAME

Kernel::WebApp::Controller::Role::SetsSecurityHeaders – provide restrictive default security HTTP headers.

PUBLIC INTERFACE

around Handler()

set restrictive default security headers that can be overwritten endpoints as needed.

GetCSPAdditionalOrigins()

returns additional origins for content security policy. This method can be overloaded in an endpoint in order to modify list of additional origins.

ExtendSecurityHeaderForGravatar()

this method provides the additional security header for the Gravatar support, as default it is not needed:

    sub ExtendSecurityHeaderForGravatar {
        return;
    }